Upgrade Server 2008 - Internet Information Services — IIS (phan 2)
Dộ cai dat Certificate (CA) ban vao lai Server Manager chon Roles -> Add Roles Trong man hinh Select Server Roles ban chon Active Directory Certificate Services Add Roles Wizard ằ Select Server Roles <| 2 g
Í⁄j Web Server (IIS) (Installed)
(_] Windows Deployment Services
Trong man hinh Select Role Services ban chon 2 muc 1a Certification
Trang 2Add Roles Wizard
Trong bài do tụi chỉ khảo sỏt CA trong mụi trường WORKGROUP mà thụi nờn trong cửa sụ Speclfy Setup Type tụi chọn Standalone Lí, V0 1 Bu lee las ic Specify Setup Type Ị or
Before You Begin Certification Authorities can use data in to simplify the issuance and management of certificates Specify whether you up an Enterprise or Standalone CA, Server Roles ADCS â Enterprice ° Role Services Sciect this option if the member of s domain and can use Directory Service to Gsue and manage cer bfcates oy  Ales @ Standalone
Provate Key Select if this CA does not use Directory Service dats to issue or manage certificates A Cryptograghy can be a member of 8 domain CA Name Validity Period Certifcate Database Chon Root CA ve ee ete las
i’ Specify CA Type oe”
Before You Begin A combination of root and subordinate be configured to creste 8 hierarchical public key infrastructure (XI) A root CAs a CA that issues self-signed certificate A subordinate CA receives its certificate
Server Roles Som another CA Speafy whether to set up @ root or subordinate CA
ADCS G
Role Services @ Root ca Ớ
Trang 3Add Roles Wizard
2L Ẳ |H Li%C 1x d>>Q(L4G(C 04V GV RC
rovider, bash slaocithm, See eats adie an o> Rated
Trang 4Add Roles Wizard
ic Configure CA Name ee yey | ] "
Màn hỡnh Select Role Services giữ nguyờn giỏ trị mặc định
Trang 5= Internet Information Services (IIS) Manager
'B Default Web Site ọ
sổ cảng 1 Ky Thuat Vien â tion Compression # Default @ Directory CỔ + Document Browsing + Error Pages Handler HTTP Logging ef a rio MIME Types Modules Output Server Caching Certificates
Trong man hinh Server Certificates ta nhan thay chi co mot Certificate mac dinh la SERVER-CA
Bõy giờ ta sộ tiộn hanh xin Certificate cho Web Server bằng cỏch nhấp
vao Create Certificate Request
Trong Distinguished Name Properties ban nhap thong tin cho
Certificate cỏc thụng tin trong này bạn tựy thớch chỉ cú thụng tin trong Common name là quan trọng nhất và ta phải nhập chớnh xỏc thụng tin trong Common name nay
Trang 6i Request Certificate Trong man hinh Cryptographic Service Provider Properties git nguyờn giỏ trị mặc định BS | Request Certificate a
Trong cửa số File Name bạn nhập đường dẫn để CA trớch xuất
Trang 7Trong 6 dia C:\ sộ xuat hiộn file gecom.txt L ocal Disk (C:) = RE Desktop 1/19/2008 1:40 AM
[EE Administrator 1/12/2009 2:48PM File Folder
D) Public 1/15/2009 12:34 Fie Folder Mi Computer 1/15/2009 9:37 AM File Folder
Trang 8W{ gccom - Notepad _ =|DỊ xị File Edit Format View Help TP eee
-~=-BEGIN NEW CERTIFICATE REQUEST-
MIIDUTCCAr OCAQAWb ]ELMAKGA1UEBhMCVVM xEDAOBG NVBAQMBOGVIEN\
BONVBACMC I RpZW4gR 21h ca XDZ ANBONVBS AOMBKGDIENVDTEPMAOGAILUECWWGNTE MZCZMRYWFAYDVOODD/ : VOMTGfMAOGCSqGSIb3DQEBAQUAA4C AADC B 1 QKBGQDQC NwCKIZUGQ7 1D4GGyH7 JBis8&cl coi UqwbP ' f2wzpH Ha0XV/3wSVtzosqzdv
2Y1U+NQpm1h o Shid2alTRBkHr7YSQIDAQABOT!I
Seer fap 1a ,PQY3 IKWYBBAGCNXUUMTAW Lqi
IBQwGUOVSVk IREvCgwL SWS èdE1nc 5 èeGUwcgyY
nae YBBAGCNW ad ° &ACWBVAGYAdA AQAFIAUWBBACA
q wBDAGGAYQBuUA SAZWBYAGE ACABOAGKAYWAGAFA icg BVAHYAaQBKA ‹OMYHBM1G+MA4GA1UdDWEB/w@Q lAw1E8DATBgNVH kqhkiG9wOBCQ8EazBpMA4GCCc ISIb30QMC atta! YIYIZIAWUDBAE QMASGCWCGSAF ees 2s sa - Rightto order EFMACGBSSOAWTHMAoGCCqGS1I
ee HMBOGA1Ud Show control characters 3KL 7 10s ]ANBgkghk1G9wOBAQL
lAAOB gQBhGega PC7+F 3DEgR/7r SBr ai7 3636AA
J/FLFC1M7/pMFrZ control character > 1D 585 /BmNOM24 1ta69MCO è Tứ
laIhnED1 5Uvg5 L4, 00 2909) reer
mm Seem ô=| (Open IME 4Í Reconversion m Select All
Tiếp theo bạn vào trang web của CA Server đề xin Certificate tiếp tục nhõp vào Request a certificate
/~ Microsoft Active Directory Certificate Services - Windows Internet Explorer
GS + J@) http://192 168 1 1/certsrv/ #||*+|| | [Lxe sexe
we we Emucosoft Active Drectory Certificate Services | |đ ~ BD - ah ~ [Pave + G Welcome %,
Use this Web site to request a certificate for y eb browser, e-mail clien other program By using a certificate, you can Verify your identity to people y communicate with over the Web, sign a t messages, and, dependi upon the type of certificate you request orm other security tasks
You can also use this Web site to,download a certificate authority (CA) certi
certificate chain, or certificate re tion list (CRL), or to view the status of < pending request
For more information
Trang 9
| /- Microsoft Active Directory Certificate Services - Windows Internet Explorer
Go xe: http://192 168 1 L/certerv/cerrqus.z ] 44K Jive Search
we a @ Microsoft Active Directory Certificate Services | kà- E] : 3‹ -›>Paœ + cnt AD Ck Sci SESVERCA Request a Certificate â GS Seo the Cami iype: @”
Tiếp tục nhấp vào Link thứ 2 bờn dưới
L⁄ˆ thcrosoft Acuve Drcctory Certfcate Serves - Windows Internet ÊxplBrer aL
G-E SIE eer] ty |} 26) five search po)
we _Gmcrosoh Active Drectory Certfcate Services | |đằa
Advanced Certificate Request <<
The policy of the CA determines the woe of certificates you can request Click
one of the following ee to: _
Trang 10
> Microsoft Active Dirccbocý Certificate Services - Windows Internet Je :,ẩ Page + Gr Saar ed Pane certificate request DzANBgNVBAcMBkdD (CMC or cuZ2Njb20ubmVOMIGE PKCS #10 or Cw7vdlesdVaZrvsHFyww PKCS #7): +VHahg3 nea Additional Attributes: = Attributes: ls Lm certsrv - [Ce ertification FT Giai (Local)\SE RVER-CA\Pendin ST
Tai may Web Server vao lai man hinh Web cua CA dộ xem trang thai
Trang 11{> Microsoft Active Directory Certificate Services - Windows Internet Explorer GO -le http: //192 168 1 1/certsrv/ CÁ Án [ teh = op Page â 9m ee GB Microsoft Active Directory Certificate Services Welcome %
Use this Web site to request a certificate for yo browser, e-mail client, or other program By using a certificate, you can your identity to people you communicate with over the Web, sign and it messages, and, depending upon the type of certificate you request, other security tasks
You can also use this Web site to oad a certificate authority (CA) certificate certificate chain, or certificate r ion list (CRL), or to view the status of a pending request
For more information siết Directory Certificate Services, see Active
JOWMOEG fd VA CENnNICale, Ceninicate Chgail, OF URI
Nhấp vào Saved Request Certificate
/` Microsoft Active Directory Certificate Services - Windows Internet Explorer
GO lel re92 18.1 seerevfendonss] +4) apne sexo
Trang 12[- pacha Active Directory Certificate Services - pitas init psn! Tre may not display correctly Microsoft Certificate Issued $ oF â
The certificate you r ed was issued to you
ÂD ncoded or â Base 64 encoded Download certificate Download certificate chain Trong bai t0i sộ luu file nay vao C:\c6 tộn 1a certnew.cer Eee " Disk ra )
Quay trở lai man hinh Server Certificates cia IIS bạn nhấp chọn
Trang 13Internct Information Services (11S) Manager — eee GS (&> == › c ma“
&-018I0uuuall VỘ S22 Ordfcse (ca?
s S semen oer PR \Admenistrator) 0 GA G NA that He Web server > application Can use with Web sites
sả" SERVER-CA
Chọn file certnew.cer trong cửa số Specify Certificate Authority Response va dat tộn cho Certificate nay la Web GCC
Complete Certificate Request
Nhận thấy trong màn hỡnh Server Certifieate sẽ xuất hiện thờm một Certificate mới đõy chớnh là Certificate cho Website của bạn
= Internet Information Services (IIS) Manager ° oy Server Certificates
Use this feature to request and manage certificates that the Web s: can us ith Web sites configured for SSL
xỏ T< cu iO
SERVER -CA
Trang 14
Trong cửa số Add Site Bendings ban chon giao thitc https trong Type
Trong SSL certificate ban chon la Web GCC
| Add Site Bmding Màn hỡnh sau khi hoàn tất Site Bindings
Trang 15` https://www.gccom.net/ - Windows Internet Explorer | Ea GO fe ôe.2n =] a) Ue te Shittps://www.accom.net/ a | x y dõh v rở WWW.ứccom.net me 3” ‹+
one 7 j ƒ | [ [ (a ity (6 internet | Protected Mode: Off
OK minh via trinh bay xong phan Internet Information Services - IIS
trong 70-648, 70-649 cua MCSA